risepro | 402ff605d7f23f20e253e13b8cb1eb7b5b763a00311deba3cf13c9646ae1f397 | Triage

Submit
Reports

Overview

overview

Static

static

7

6c6a613603...c2.exe

windows7-x64

6c6a613603...c2.exe

windows10-2004-x64

Sharing

General

Target

6c6a6136030cabb7f08e8d2df789cbc2.exe
Size

2.2MB
Sample

240507-ngvrfsdg2x
MD5

6c6a6136030cabb7f08e8d2df789cbc2
SHA1

b55dbf0e29bfd61ec9092f62420f9c08275974b9
SHA256

402ff605d7f23f20e253e13b8cb1eb7b5b763a00311deba3cf13c9646ae1f397
SHA512

afeca3d130e1af378faac023718b03ba5d45b8a5307b4b0f2b8081ffe8b85f95b7201f3932bfc9e9c05519ef6ccd64a79e34de9e5cd8f775fee126baeb61877a
SSDEEP

49152:KHlAEi8etVYMUgCHhvcULUuNLP31VmRLVSQE2sCpdN:KHlJWYMfCHt4uVlVkICpdN

Score

10^/10

risepro evasion stealer themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

6c6a6136030cabb7f08e8d2df789cbc2.exe

Resource

win7-20240221-en

risepro evasion stealer themida trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

6c6a6136030cabb7f08e8d2df789cbc2.exe

Resource

win10v2004-20240419-en

risepro evasion stealer themida trojan

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

risepro

C2

147.45.47.126:58709

Targets

- Target
  
  6c6a6136030cabb7f08e8d2df789cbc2.exe
- Size
  
  2.2MB
- MD5
  
  6c6a6136030cabb7f08e8d2df789cbc2
- SHA1
  
  b55dbf0e29bfd61ec9092f62420f9c08275974b9
- SHA256
  
  402ff605d7f23f20e253e13b8cb1eb7b5b763a00311deba3cf13c9646ae1f397
- SHA512
  
  afeca3d130e1af378faac023718b03ba5d45b8a5307b4b0f2b8081ffe8b85f95b7201f3932bfc9e9c05519ef6ccd64a79e34de9e5cd8f775fee126baeb61877a
- SSDEEP
  
  49152:KHlAEi8etVYMUgCHhvcULUuNLP31VmRLVSQE2sCpdN:KHlJWYMfCHt4uVlVkICpdN
Score

10^/10

risepro evasion stealer themida trojan
- RisePro
  RisePro stealer is an infostealer distributed by PrivateLoader.
  stealer risepro
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

riseproevasionstealerthemidatrojan

behavioral2

riseproevasionstealerthemidatrojan

© 2018-2025

Terms | Privacy